If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Enjoy an ad free experience by logging in. Not a member yet? Register.

That is an excellent example of antiquated and long dead JavaScript calls.

The <!-- --> around the script is to hide the code from Internet Explorer 2 and Netscape 1 - neither of which understood JavaScript - both of those browsers have been dead for almost 20 years.

The language attribute on the script tag was replaced almost that long ago by the type attribute.

prompt() ceased to be used in live pages when Netscape 4 died. More recently it was used for debugging but now that all browsers have a built in debugger even that use is unnecessary.

unescape() was declared obsolete long ago because it only supports limited character sets. It was replaced by decodeURI() a long time ago.

document.write() has been obsolete since Netscape 4 died.

Anyway the entire script is pointless - as is any JavaScript password script since the person accessing the page has complete access to the code of the script and can easily modify it to find out what password the script expects or even to bypass the entire password check (although not in this case where the entire page content is generated by the script and so the page is inaccessible to everyone without JavaScript- which is why such scripts are pointless).

Insert console.log(password); just before the return password call to see what the password you enter gets converted to. You can also set breakpoints using the debugger built into your browser to test what values all of the variables have at each spot in the code.

Just by looking at the code I can see that the entered password is being converted to an array of numbers and that those numbers are being used as offsets into the orig string to retrieve the characters to out put the web page and so if the wrong password were entered then the wrong offsets would be used resulting in a jumbled mess in place of the web page.

That is an excellent example of antiquated and long dead JavaScript calls.

The <!-- --> around the script is to hide the code from Internet Explorer 2 and Netscape 1 - neither of which understood JavaScript - both of those browsers have been dead for almost 20 years.

The language attribute on the script tag was replaced almost that long ago by the type attribute.

prompt() ceased to be used in live pages when Netscape 4 died. More recently it was used for debugging but now that all browsers have a built in debugger even that use is unnecessary.

unescape() was declared obsolete long ago because it only supports limited character sets. It was replaced by decodeURI() a long time ago.

document.write() has been obsolete since Netscape 4 died.

Anyway the entire script is pointless - as is any JavaScript password script since the person accessing the page has complete access to the code of the script and can easily modify it to find out what password the script expects or even to bypass the entire password check (although not in this case where the entire page content is generated by the script and so the page is inaccessible to everyone without JavaScript- which is why such scripts are pointless).

Insert console.log(password); just before the return password call to see what the password you enter gets converted to. You can also set breakpoints using the debugger built into your browser to test what values all of the variables have at each spot in the code.

Just by looking at the code I can see that the entered password is being converted to an array of numbers and that those numbers are being used as offsets into the orig string to retrieve the characters to out put the web page and so if the wrong password were entered then the wrong offsets would be used resulting in a jumbled mess in place of the web page.

Well, what in the name of...all that is binary....... just out of curiosity what would the password, be? also, do you have a source for a better snippet?

Luckily i just have to make an example of a password code in javascript, not implement it serverside.

But i am interested in the security of this, i found that there actually is a built in password function some thing like get.password which takes the keyboard input and compares it to a hidden value...but is that value hidden at all?